[Snort-users] SQL command to clear out the snort database

John strgout at ...10330...
Mon Oct 18 09:36:03 EDT 2004


On Fri, Oct 15, 2004 at 03:15:24PM -0500, Pat Delaney wrote:
> The database on my snort server is huge, I'm looking for an SQL command
> to clear it out, rather than using the webpage ACID front end.
> 
> Any thoughts?
> 
> Pat

Here is a small Perl script I put together for deleting everything from the DB.
I used this because I needed to whack the snort DB over and over while getting
my snort install to the point I wanted it at. It does not delete the tables needed
to have a correct snort db setup (schema, detail and encoding).

BTW this is MySQL specific.
You will need Perl, DBI and DBD-mysql (all Perl stuff).
Whatever file name you use, make sure to use 700 for perms!



#!/usr/local/bin/perl
use DBI;
use strict;

my $server = 'IPOFSERVER';
my $port = '3306';
my $user = 'ADMINUSER';
my $passwd = 'ADMINPASSWD';
my $db = 'NAMEOFDATABASE';

# Connect to the snort database; RaiseError makes DBI die on any failed call.
my $dbh = DBI->connect('DBI:mysql:database=' . $db .
                    ';host=' . $server .
                    ';port=' . $port ,
                    $user, $passwd, {RaiseError => 1}) or
    die "Unable to connect: $DBI::errstr\n";

# Any table you don't want cleared remove from this list.
my @tables = qw(acid_ag acid_ag_alert acid_event acid_ip_cache 
                data event icmphdr iphdr opt reference reference_system 
                sensor sig_class sig_reference signature tcphdr udphdr);

# TRUNCATE empties each table but keeps its definition.
foreach (@tables) {
    $dbh->do( 'TRUNCATE TABLE `' . $_ . '`' );
}
$dbh->disconnect;



